scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	James Smart <jsmart2021@gmail.com>	2018-06-26 18:24:22 +0300
committer	Martin K. Petersen <martin.petersen@oracle.com>	2018-07-11 05:15:08 +0300
commit	afff0d2321ea2beb6f4dcd029d4667acf73dec25 (patch)
tree	aaec3570d01b678ca96c65105873e7536b3bbfd2 /tools/perf/scripts/python/call-graph-from-sql.py
parent	e936a38ac92dd40867ac3b52cfd8f3f70fe717a5 (diff)
download	linux-afff0d2321ea2beb6f4dcd029d4667acf73dec25.tar.xz

scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE

Kernel crashes during fill_read_buffer when nvme_info sysfs file read. With multiple NVME targets, approx 40, nvme_info may grow larger than PAGE_SIZE bytes. snprintf(buf + len, PAGE_SIZE - len, ...) logic is flawed as PAGE_SIZE - len can be < 0 and is accepted by snprintf. This results in buffer overflow, and is detected with check from dev_attr_show and fill_read_buffer. Change to use scnprintf to a tmp array, before calling strlcat to ensure no buffer overflow over PAGE_SIZE bytes. Message "6314" created as a new message indicating when there is more nvme info, but is truncated to fit within PAGE_SIZE bytes. Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com> Signed-off-by: James Smart <james.smart@broadcom.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Diffstat (limited to 'tools/perf/scripts/python/call-graph-from-sql.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: